Solaris 2.4 Introduction

System Administration in Solaris 2.4

4

The Solaris 2.4 system software and the ONC family of network protocols form the foundation for enabling distribution of applications and data across networks in the Solaris 2.4 environment. As a system administrator, you can manage users, data, programs, and resources across Solaris 2.4 networks.

Starting the OpenWindows Software

For the Solaris 2.4 release, OpenWindows software is installed by default in /usr/openwin. Executing the openwin command accesses OpenWindows software; many applications such as Calendar Manager depend on finding OpenWindows software in /usr/openwin.

Note - If you installed OpenWindows software at a location other than /usr/openwin, you must create a symbolic link, /usr/openwin, that points to where the OpenWindows software is installed. This must be done before you start any OpenWindows software.

If you are mounting OpenWindows from a remote server, mount it on the directory /usr/openwin.

Shell and Command Tools

There are three shells available in the Solaris 2.4 environment:
  • The Bourne shell (/bin/sh) is the default UNIX-system command interpreter.
  • The Korn shell (/bin/ksh) is an interactive command interpreter similar to the Bourne shell, but with additional history features.
  • The C shell (/bin/csh) is an interactive command interpreter with a syntax similar to the C language and advanced features such as history listing, aliasing of commands, job control, enhanced file protection, and others.
You can run any of these shells in a Shell or Command Tool.
The Solaris Advanced User's Guide gives you information about changing shell parameters such as default position, size, and naming conventions. User Accounts, Printers, and Mail Administration describes defining a user's environment variables such as the default shell type.

Common Administration Tasks

You can add new users to your distributed computing environment with Administration Tool (admintool), using the User Account Manager to add entries to the network-wide (NIS+) passwd and auto_home tables.
You use UNIX commands to allocate a home directory for the new user, copy skeleton initialization files into it, and make the home directory available to the new user from any machine on the network. These procedures are described in User Accounts, Printers, and Mail Administration.

Setting Up Printers and Printing

User Accounts, Printers, and Mail Administration describes the lp print service software used to set up and administer printing and printers. The lp service consists of several daemons, or processes, that monitor system work, a hierarchy of configuration files in the /etc/lp directory, and a set of administrative commands such as those shown in Table 4-1.
Table 4-1 lp
Command      Description
lp -d        Used to submit print requests
lpstat -t    Used to look at the print queue, or jobs waiting to print
cancel       Used to delete jobs from the print queue
User Accounts, Printers, and Mail Administration provides a complete description of printing topics such as:
  • Print control forms, print wheels, and interface programs
  • Setting up network print services
  • Using a set of PostScript, device-independent fonts, and filters

Note - lp replaces the lpr commands and the /etc/printcap file. TEX, pscat (C/A/T), and raster image filters are not available in the Solaris 2.4 environment.

Print Spooler (lp) Feature Transition

A new distributed print service to replace the SVR4 print spooler will be provided in place of the lp print spooler. The new print service will be based on the emerging ISO DPA 10175 and POSIX 1387.4 (formerly P1003.7.1) standards. SunSoft will continue to provide the existing print spooler until the new print service ships.
The new print service will continue to support the following commands:
The PostScript filters in /usr/lib/lp/postscript will continue to be provided.
The procedures for print administration, which are only used by system administrators, will be different. However, SunSoft will provide compatibility for the common options of the following administrative commands:
Because the administrative model is more powerful for an ISO DPA spooler, the following administrative commands will no longer be provided:
For the same reason, compatibility will not be maintained for the configuration files used by the System V print spooler.
The mechanism for providing printer specific support by customizing the System V standard printer interface script will be changed. The SVR4 printing protocol will no longer be provided. Although the new print service will be based on the ISO DPA protocol, the Berkeley Software Distribution (BSD) printing protocol (RFC 1179) will be used to provide operability with existing Solaris and other UNIX-based systems.

The BSD Printing Protocol

To simplify the transition, users are strongly advised to configure print clients to use the BSD protocol. This can be done when adding a remote printer by using the default value for Print Server OS in the admintool(1M) Printer Manager or by specifying -t bsd to the lpsystem(1M) command in a command line interface.

Note - Configuring to use the BSD protocol now will allow print clients and servers to be upgraded to future versions of Solaris without breaking print operability. The lpsystem(1M) command has been enhanced to report a warning when an administrator configures a print client to use the System V protocol.

Setting Up Mail

A mail configuration requires three elements that can be combined on the same system or provided by separate systems:
  • At least one mail server
  • A mail host
  • Mail clients
When you want users to communicate with networks outside your subnet, you must also have a relay host or a gateway.
In addition to explaining how the sendmail(1M) mail service works and defining all of the mail concepts, User Accounts, Printers, and Mail Administration provides step-by-step instructions for setting up:
  • Relay hosts
  • Gateways
  • Mail hosts
  • Mail servers
  • Mail clients

ToolTalk Service

The ToolTalk(R) service, an interprocess-message service used by developers, is automatically installed (the Core System Support cluster must always be installed). ToolTalk User's Guide describes the ToolTalk service and provides instructions for tasks such as administering the service and its databases, files, and objects that are referenced by the ToolTalk messages.

Administering Realtime Applications

The greatest improvement in performance for realtime applications comes as a result of the implementation of a new scheduler. The standard UNIX scheduler is not suitable for realtime applications. Realtime applications require a scheduler in which process priorities are never changed and are taken as absolute. System Services Guide provides information on the SunOS 5.x process scheduler and tells you about administering workstations that run realtime applications.

Administering Files and File Systems

This section introduces Solaris 2.4 file system management technology and resource sharing. Solaris 2.4 resource sharing products are distributed file systems. This means that a computer can distribute its file systems on the network, allowing client computers to use the file systems as if they were local. The resource-sharing products offered by the Solaris 2.4 environment are:
  • NFS(R) for sharing files across a network. NFS was developed by Sun Microsystems and adopted by SVR4. You can read and write NFS files anywhere on the network (provided you have permission to do so).
  • Autofs, a network service that allows a user to read and write network file systems by automatically mounting them, eliminating the need to issue a mount command.
  • The System V file system pertains specifically to x86 systems.

Setting Up File Systems

During the installation of Solaris software, the SunOS 5.x file system is installed onto the disk. Table 4-2 lists the default set of directories; your system may have a combination of these defaults. For more information about the directory hierarchies and the file systems mounted on each directory, see File System Administration.
Table 4-2
Name            Description
/               The root, or base, directory to all file systems and directories
/etc            The directory containing system-specific files and databases
/usr            The mount point for the sharable /usr file system
/export/home    The default mount point for a file system containing user's home directories
/var            A directory containing system files and directories likely to change or grow over the life of the local system
/kernel         The directory containing UNIX and its related modules and drivers
/opt            The directory where you install optional software applications
/tmp            A temporary directory that is cleared each time the system boots
/proc           The directory containing a list of active system processes, by number

Understanding File System Types

File system types support different media and storage devices, such as different hard disks, remote file systems, and compact discs. Data is stored on these devices by the operating system to maximize the retrieval of the data. A file system is a grouping of files stored in a particular file system type. For a complete list of file systems arranged by file system type, see File System Administration.
The Solaris 2.4 environment supports three file system types:
  • Disk-based
  • Distributed (network)
  • Pseudo

x86 - The SVR4 s5 file system type is not a supported file system for SPARC systems, but is supported on x86 systems. For information about file systems and compatibility, see Administration Supplement for Solaris Platforms.

Disk-based File Systems

Disk-based file systems are file systems structured for a particular hard-disk format.
There are three disk-based file systems:
  • The UNIX file system (UFS) is the default file system for local hard disks. The UFS combines the BSD Fast File System (BSD FFS) and the 4.3 Tahoe Fast file system features to provide the following:

    · File system locking

    · Data blocks as large as 8 Kbytes

    · Support for new-generation hard disks by de-referencing variable-length list structures

    · Unlimited inodes and cylinders per cylinder group for disks

  • The High Sierra File System (hsfs) is a file system for compact disc (CD-ROM) drives. It supports the High Sierra CD-ROM file formats and the ISO 9660-88 CD-ROM file formats using the Rock Ridge extension. (The Rock Ridge extension now supports multisession CD-ROM.)
  • The PC file system (pcfs) is a file system for accessing data written for personal computers running versions of the DOS operating system.

Pseudo File Systems

Pseudo file systems are virtual or memory-based file systems. These file systems are primarily used for storing system level information and are rarely accessed directly by users, but rather by a UNIX command that returns system information.
The most commonly used of these pseudo file systems for system administration are:
  • The temporary file system, tmpfs(7), which improves system performance by storing, or caching, local and network disk access in memory. tmpfs information is temporary; it is lost when the power is turned off to the system or when you restart the system.
  • The process file system, proc(4), which contains information about executing kernel processes. Standard system call interfaces are used to access the /proc files: open(2), close(2), read(2), write(2), and ioctl(2).
  • The loopback file system, lofs(4s), which enables virtual file systems to be created, providing convenient paths to files through mounted directories using alternate path names.
  • The Cache File System (CacheFS), which can be used to improve performance from remote file systems or slow data devices such as CDs. When a file system is cached, the data read from the remote file system or CD is stored on the local system for future use. See Administering File System for more information on CacheFS.

Distributed File Systems

Distributed file systems are actually network services for sharing files and resources across a network. NFS Administration Guide describes distributed file systems in detail.

Virtual File Systems

Virtual File System/virtual node (VFS/vnode) file management is implemented in the operating system and network environment. VFS is a set of interfaces that can access different file systems. A vnode is any file, belonging to any file system type, that is accessed by the kernel.

Administering Systems and Networks

Once you have the Solaris 2.4 release installed, you can take advantage of the SunOS 5.x system software features that simplify system administration and provide a greater control for specific applications and installations. This section is an overview of the features.

Dynamic Kernel

In the Solaris 2.4 environment the kernel is dynamic. It loads drivers or other modules into memory when devices are accessed. You no longer need to manually rebuild or reconfigure the kernel after installation or to add and delete drivers. This is called autoconfiguration.
Autoconfiguration provides the following enhancements:
  • Makes it unnecessary to rebuild kernels when adding new devices to the system
  • Eliminates the need to reboot a machine each time a new driver is loaded
  • Improves performance by removing unneeded code bound to the kernel for infrequently used devices

Adding Devices or Kernel Modules During Boot

At boot time, the system does a self-test and checks for all devices that are attached to it. When you add a new device to the system, you reconfigure the kernel by entering:
  • boot -r (SPARC systems)
  • b -r (x86 systems)
When you boot, a reconfiguration script loads all the device drivers listed in the modules directories and creates the corresponding hardware nodes. See the kernel(1M) man page for more information.
To interactively add drivers or modules to the system, you can also use one of the following:
  • boot -a (SPARC systems)
  • b -a (x86 systems)
Be aware that whichever boot specification you use, you will be asked to provide a number of other boot parameters, including what to boot, where your root file system is, and similar questions.
Paths to the system files and kernel modules are stored in /etc/system. When the system boots, it reads the information in /etc/system to determine which modules to load. You can specify a different path by using the MODDIR syntax of the system(4) file or by using boot -a.
For more information about booting, see Administration Supplement for Solaris Platforms and Solaris 1.x to Solaris 2.x Transition Guide. For more information on adding devices and drivers, see Peripherals Administration.

Volume Management

Volume Management is a layer of software that manages CD and diskette devices. This software automatically mounts and unmounts CDs and diskettes. If your CD or diskette contains a file system, it will be automatically mounted to the location listed in Table 4-3.
Table 4-3
Media       Location
CD-ROM      /cdrom/cdrom_name
Diskette    /floppy/diskette_name
If your CD or diskette does not contain a file system, it will be mounted as shown in Table 4-4.
Table 4-4
Media       Location
CD-ROM      /vol/dev/aliases/cdrom0
Diskette    /vol/dev/aliases/floppy0
For more information on configuring Volume Management, see Peripherals Administration. For information on how to use and administer diskettes and CD-ROMs, see File System Administration.
In OpenWindows, File Manager uses Volume Management to provide immediate access to CDs and diskettes with file systems. For more information on File Manager features, see Solaris User's Guide.
Manual pages for Volume Management components are also available in Solaris 2.4. See rmmount(1M), rmmount.conf(4), volcancel(1), volcheck(1), vold(1M), vold.conf(4), volfs(7), and volmissing(1).
Volume Management now controls these CD paths:
/dev/dsk/c0t6d0s0
/dev/rdsk/c0t6d0s0
And these diskette paths:
/dev/diskette
/dev/rdiskette

Attempts to mount or access a CD or diskette using these paths result in an error message.

Displaying System Definitions

When a system boots, configuration information is written to a file that can be examined by using the sysdef(1M) command. It lists all hardware devices as well as pseudo devices, system devices, loadable modules, and the values of certain kernel-tunable parameters. See the sysdef(1M) man page for more information.

Initializing and Changing Run Levels

The kernel has eight run levels (also called init states). Run levels are software configurations that invoke a selected group of processes. The default run level for the SunOS 5.x system software is level 3. The levels are briefly described in Table 4-5; for more information, see Common Administration Tasks.
Table 4-5
Level     Description
0         Power-down state
1         System-administrator state (single-user)
2         Multiuser state (resources not shared)
3         Multiuser state; the default state (resources shared)
4         Alternative multiuser state (currently unused)
5         Software reboot state (unused)
6         Reboot
S or s    Single-user state

Administration Tool (admintool)

The Solaris 2.4 environment contains graphical user interface tools for performing system administration. Administration Tool (admintool), which runs under the OpenWindows environment, includes:
  • Database Manager
  • Host Manager
  • Printer Manager
  • Serial Port Manager
  • User Account Manager

Note - The sysadmin group (group ID=14) is created by default in Solaris 2.4. To enable a user to access Administration Tool applications, the only task a system administrator has to perform is to add that user to group 14. If a system is upgraded to Solaris 2.4 that already has a group 14 not named sysadmin, a warning message is displayed.

Database Manager

Database Manager is an interface to the NIS+ databases. Each database has a File, View, and Edit menu. You can list all entries in the databases and search for or display lists of entries that match a value. For information about using the Database Manager, see User Accounts, Printers, and Mail Administration and Administration Application Reference.

Host Manager

Host Manager is a graphical user interface for managing network client information. You can use Host Manager to add support for the following networked system types:
  • Standalone systems
  • Diskless clients
  • Dataless clients
Host Manager is primarily used on a local server to manage support for diskless and dataless clients that need remote file resources and disk storage space. Host Manager can also be used to manage client information from a remote system with the appropriate access privileges.
For more information about using Host Manager, see Administration Application Reference.
For additional information about configuring systems on your network, see Common Administration Tasks. See Name Services Configuration Guide for information on how to configure an NIS+ root master server, and the server compatibility modes:
  • NIS+ server answering NIS and NIS+ client requests
  • NIS+ server answering NIS+ client requests

Printer Manager

Printer Manager is an OPEN LOOK printer server and print client installation and configuration application for the bundled SVR4 lp print subsystem. Printer Manager simplifies connecting your workstation to an existing network printer and creating a new print server. Connections to 4.x BSD printer servers are made by choosing from a menu in the tool.
By registering the printer server and printer name with NIS+, any Solaris 2.4 client can browse the available printers from a list, so you no longer have to know the printer name and server name in advance. See User Accounts, Printers, and Mail Administration for details about Printer Manager. Also see Setting Up Printers and Printing on page 29 and Administration Application Reference.

Serial Port Manager

Serial Port Manager enables you to quickly set up and modify serial port software for terminals and modems. It provides templates for common terminal and modem configurations and multiple port setup, modification, or deletion. To learn more about using Serial Port Manager, see Peripherals Administration and Administration Application Reference.

User Account Manager

User Account Manager enables you to add new user accounts to a network. If you have several user accounts to add, User Account Manager lets you introduce them all from a single workstation at the same time. To learn more about using User Account Manager, see User Accounts, Printers, and Mail Administration, and Administration Application Reference.

Securing Systems and Networks

Security is an important part of administering a single system or a large network. To preserve the integrity of data and programs and to ensure that only certain users can access sensitive information, the Solaris 2.4 environment provides several security features. This section tells you what is available and where to look to learn how to implement the level of security appropriate for your system.

Administration Tool Security

Administration Tool (admintool) uses secure RPC to control access to its services and administrative tools. You can use either System (UNIX) authentication or DES authentication to verify user identities. All users can run admintool to retrieve administration information. You can determine which users can update the information by adding them to the sysadmin group (group ID 14 by default) in the group database. For more information about setting up Administration Tool security, see Security, Performance, and Accounting Administration.
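
The following shell sketch is an added example, not part of the Solaris documentation. It enumerates every account that holds the sysadmin GID described above and in the earlier note on group 14, counting both the member list in the group database and accounts whose primary group in passwd is 14. The function names, file paths and sample entries are constructed for illustration; on an NIS+ network the same fields would come from the NIS+ group and passwd tables.

```sh
#!/bin/sh
# Added example (not from the Solaris manuals): list every account that holds
# the sysadmin GID, i.e. everyone allowed to update data through admintool.
# Inputs are files in group(4) and passwd(4) format; paths are parameters.

# sysadmin_members GROUP_FILE PASSWD_FILE [GID]
# Prints one user name per line, sorted and de-duplicated.
sysadmin_members() {
    gid=${3:-14}
    {
        # Supplementary members: comma-separated fourth field of the group entry.
        awk -F: -v gid="$gid" '$3 == gid {
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
        }' "$1"
        # Primary members: accounts whose passwd GID field is the target GID.
        # These never appear in the group entry's member list.
        awk -F: -v gid="$gid" '$4 == gid { print $1 }' "$2"
    } | sort -u
}

# group_names_for_gid GROUP_FILE [GID]
# Prints the name(s) bound to the GID, so a GID 14 that is not called
# sysadmin (the upgrade case the page warns about) is visible.
group_names_for_gid() {
    awk -F: -v gid="${2:-14}" '$3 == gid { print $1 }' "$1"
}

# write_sample DIR: constructed sample data, not taken from a real system.
write_sample() {
    cat > "$1/group" <<'EOF'
root::0:root
staff::10:
sysadmin::14:alice,bob
EOF
    cat > "$1/passwd" <<'EOF'
root:x:0:1:Super-User:/:/sbin/sh
alice:x:1001:10::/export/home/alice:/bin/ksh
bob:x:1002:10::/export/home/bob:/bin/csh
carol:x:1003:14::/export/home/carol:/bin/sh
EOF
}

tmp=$(mktemp -d)
write_sample "$tmp"
echo "GID 14 is named: $(group_names_for_gid "$tmp/group")"
echo "Accounts holding GID 14:"
sysadmin_members "$tmp/group" "$tmp/passwd"
rm -rf "$tmp"
```

In the sample, carol is reported even though she is absent from the sysadmin member list, because her primary group is 14.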

The Shadow Password File

You secure access to your system by using the shadow(4) password file, /etc/shadow. The shadow password file improves security through password aging and login controls. The file may only be accessed by root. For more information, see Security, Performance, and Accounting Administration and User Accounts, Printers, and Mail Administration.
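
As an added example (not code from the Solaris documentation), the shell function below reads entries in shadow(4) format and reports accounts where password aging is not protecting the account: an empty password field, no maximum age, or a password older than its maximum age. The function names, the finding labels and the sample entries (including the placeholder hash strings) are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the Solaris manuals): flag shadow(4) entries whose
# aging fields leave a password unprotected. Field order per shadow(4):
# name:password:lastchg:min:max:warn:inactive:expire:flag

# shadow_audit FILE [TODAY]
# TODAY is the current date in days since 1 Jan 1970, the unit lastchg uses.
# Prints "<user> <finding>" lines in file order.
shadow_audit() {
    # Assumption: date(1) supports +%s; pass TODAY explicitly where it does not.
    today=${2:-$(( $(date +%s) / 86400 ))}
    awk -F: -v today="$today" '
        # *LK* (locked) and NP (no valid password) cannot be used to log in.
        $2 == "*LK*" || $2 == "NP" { next }
        $2 == "" { print $1, "empty-password" }
        # An empty or negative max field means the password never ages.
        $5 == "" || $5 < 0 { print $1, "no-aging"; next }
        # Aged out: last change plus maximum lifetime is in the past.
        $3 != "" && $3 + $5 < today { print $1, "expired" }
    ' "$1"
}

# write_shadow_sample FILE: constructed entries; the hashes are placeholders.
write_shadow_sample() {
    cat > "$1" <<'EOF'
root:PLACEHOLDERHASH1:9000::::::
daemon:NP:6445::::::
alice:PLACEHOLDERHASH2:9100:7:90:14:::
bob:PLACEHOLDERHASH3:9000:7:90:14:::
carol::9100::::::
dave:*LK*:::::::
EOF
}

sample=$(mktemp)
write_shadow_sample "$sample"
# Day 9131 is 1 Jan 1995, a constructed "today" so the output is repeatable.
shadow_audit "$sample" 9131
rm -f "$sample"
```

Against a live system the function must run as root, since only root can read /etc/shadow.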

Automated Security Enhancement Tool (ASET)

ASET is a utility that improves security by enabling you to check system file settings, including:
  • Permissions
  • Ownership
  • File contents
ASET warns you about potential security problems and, when appropriate, sets system file permissions automatically, according to the security level specified. For more information, see Security, Performance, and Accounting Administration.

Setting Up Network Communication Services

The Internet Protocol suite (IP) is a set of formal rules governing communication between hardware and software in a network environment. TCP/IP Network Administration Guide provides the conceptual framework for the use of IP in the ONC networking environment and presents complete instructions for setting up and administering TCP/IP-based networks.

Administering Name Services

Name Services Configuration Guide and Name Services Administration Guide discuss NIS+, the network information service for Solaris networks. NIS data can be shared with NIS+ and the services are partially interoperable.
All commands and functions that use NIS are prefixed by the letters yp, as in ypmatch(1), ypcat(1), and ypclnt(3N). Commands and functions that use the NIS+ version are prefixed by the letters nis, as in nismatch(1), nischown(1), and nis_tables(3N).
Some of the advantages of using the NIS+ name service are:
  • NIS+ shares data with the NIS environments, making migration smooth.
  • Domains, or groups of systems, are hierarchical; you can create subdomains.
  • You can use the name service switch (/etc/nsswitch.conf) to set which name service the system tries to use first--NIS+, NIS, or DNS.
  • You can use the Database Manager to make changes to the NIS+ tables by:

    · Adding information

    · Modifying information

    · Deleting information

    · Searching for information

NIS+ Network Security

The NIS+ service provides a flexible security model for name service entries. You can assign UNIX-style permissions (read, write, execute) for every item in the NIS+ table. For information about NIS+ security, see Name Services Administration Guide.